{"id":38781614,"url":"https://github.com/ucopacme/orgcrawler","last_synced_at":"2026-01-17T12:25:24.890Z","repository":{"id":57449580,"uuid":"139742757","full_name":"ucopacme/orgcrawler","owner":"ucopacme","description":"A toolset for managing AWS resources across an organization","archived":false,"fork":false,"pushed_at":"2020-04-03T01:54:40.000Z","size":202,"stargazers_count":4,"open_issues_count":15,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-09-25T09:31:54.297Z","etag":null,"topics":["aws","boto3","organizations"],"latest_commit_sha":null,"homepage":"https://orgcrawler.readthedocs.io/en/latest/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ucopacme.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":"CONTRIBUTING.rst","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-04T16:04:16.000Z","updated_at":"2022-05-26T16:21:40.000Z","dependencies_parsed_at":"2022-09-26T17:31:19.855Z","dependency_job_id":null,"html_url":"https://github.com/ucopacme/orgcrawler","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/ucopacme/orgcrawler","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ucopacme%2Forgcrawler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ucopacme%2Forgcrawler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ucopacme%2Forgcrawler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ucopacme%2Forgcrawler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ucopacme","download_url":"https://codeload.github.com/ucopacme/orgcrawler/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ucopacme%2Forgcrawler/sbom","scorecard":{"id":906731,"data":{"date":"2025-08-11","repo":{"name":"github.com/ucopacme/orgcrawler","commit":"46f30923673c1ee19cb50e59bf7447f2624cff1a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/12 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2021-142 / GHSA-8q59-q68h-6hv4","Warn: Project is vulnerable to: PYSEC-2018-49 / GHSA-rprw-h62v-c2w7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T17:38:07.911Z","repository_id":57449580,"created_at":"2025-08-24T17:38:07.911Z","updated_at":"2025-08-24T17:38:07.911Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28508464,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T11:50:55.898Z","status":"ssl_error","status_checked_at":"2026-01-17T11:50:55.569Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","boto3","organizations"],"created_at":"2026-01-17T12:25:24.264Z","updated_at":"2026-01-17T12:25:24.882Z","avatar_url":"https://github.com/ucopacme.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Getting Started with OrgCrawler\n===============================\n\nA python library for managing resources across all accounts in an AWS Organization.\n\nOrgCrawler package exports two primary classes:\n\n``orgcrawler.orgs.Org``\n  provides a data model and methods for querying AWS Organizations resources:\n\n  - accounts\n  - organizational units\n  - service control policies\n\n``orgcrawler.crawlers.Crawler``\n  provides a framework for executing user defined python code in all accounts and regions or a subset thereof. \n\nOrgCrawler also contains two commandline scripts:\n\n``orgquery``\n  Provides a generic interface for running organization queries\n\n``orgcrawler``\n  Execute a custom boto3 payload function in all specified accounts/regions\n\nSee full documentation at https://orgcrawler.readthedocs.io/en/latest/\n\nCurrently orgcrawler is tested in python 3.6, 3.7.\n\n\nThe OrgCrawler package no longer contains payload functions.  These are now maintained\nin package ``orgcrawler-payload``.\n\n\nInstallation\n------------\n\n::\n\n  pip install orgcrawler\n  pip install orgcrawler-payload\n\n\n\n\nThe Org object\n--------------\n\nUsage\n*****\n\nCreate an orgcrawler.orgs.Org instance::\n\n  master_account_id = orgcrawler.utils.get_master_account_id('myOrgMasterRole')\n  my_org = orgcrawler.orgs.Org(master_account_id, 'myOrgMasterRole')\n\nLoad your organization's account and organizational unit resources into your instance::\n\n  my_org.load()\n \nQuery your organization's account and organizational unit resources::\n\n  all_accounts = my_org.list_accounts_by_name()\n  all_org_units = my_org.list_org_units()\n  test_accounts = my_org.list_accounts_in_ou('testing')\n\n\nDetails\n*******\n\nA newly initialized Org object only contains master account information.\n\nThe ``load()`` method makes boto3 client calls to the master account to\npopulate the Org object's Account and OrganizationalUnit resource data.\n\nThe `loaded` Org object is cached to local disk to improve the performance of\nsubsequent ``load()`` calls.  After an hour, the cached Org object is timed\nout.  It contains no AWS account credentials.\n   \nOrg object query methods can return listings of accounts based on OrganizationalUnit membership.\nSee the API docs for a full listing of query methods\n\n\nThe Crawler object\n------------------\n\nThe orgcrawler.crawlers.Crawler object provides a framework for running python\nfunctions in all accounts and regions in your organization or a subset thereof. \n\nCreate an orgcrawler.crawlers.Crawler instance::\n\n  my_crawler = orgcrawler.crawlers.Crawler(\n      my_org,\n      access_role='myAccountAdminRole',\n      accounts=test_accounts,\n      regions=['us-west-1', 'us-east-1'],\n  )\n\nLoad AWS credentials for each account into your Crawler instance::\n\n  my_crawler.load_account_credentials()\n\n\nShortcut Crawler Setup\n----------------------\n\nYou can generate an Crawler object and associated Org object with a single utility function::\n\n  from orgcrawler.cli.utils import setup_crawler\n  my_crawler = crawler_setup('MyMasterAccountRole')\n\nor::\n\n  crawler_params = dict(\n      access_role='myAccountAdminRole',\n      accounts=test_accounts,\n      regions=['us-west-1', 'us-east-1'],\n  )\n  my_crawler = crawler_setup('MyMasterAccountRole', **crawler_params)\n\n\nRunning Crawler Payload Functions\n---------------------------------\n\nRun your custom python code in all account/regions configured in your Crawler\nby calling the ``execute()`` method of your Crawler instance.  Supply your\n`payload` function and any function arguments as parameters::\n\n  import my_payloads\n  all_buckets = my_crawler.execute(my_payloads.list_s3_buckets)\n  my_crawler.execute(my_payloads.create_bucket, 'my_bucket')\n\n\nRequirments for Payload Functions\n---------------------------------\n\nThe Crawler.execute method calls your custom function with the following\nparameters: ``region, account, *args``, where ``region`` is a string,\n``account`` is orgcrawler.orgs.OrgAccount instance, and ``args`` is a list of\npositional parameters to pass to your function.  Your function must create its\nown boto3 client for whatever services it will use.\n\nExamples::\n\n  def list_s3_buckets(region, account):\n      client = boto3.client('s3', region_name=region, **account.credentials)\n      response = client.list_buckets()\n\n  def create_bucket(region, account, bucket_prefix):\n      client = boto3.client('s3', region_name=region, **account.credentials)\n      bucket_name = '-'.join([bucket_prefix, account.id, region])\n      bucket_attributes = {'Bucket': bucket_name}\n      if not region == 'us-east-1':\n          bucket_attributes['CreateBucketConfiguration'] = {'LocationConstraint': region}\n      response = client.create_bucket(**bucket_attributes)\n\n\nRunning payloads which call global AWS services\n-----------------------------------------------\n\nWhen calling a payload function which accesses a global service, set the\n``regions`` attribute of your Crawler instance either to ``us-east-1`` or to\nthe keywork ``GLOBAL``.  Otherwise, Crawler.execute() will travers every AWS\nregion and redandantly run your payload::\n\n  my_crawler = crawler_setup('MyMasterAccountRole')\n  my_crawler.update_regions('GLOBAL')\n  my_crawler.execute(iam_list_users)\n\n\nOrgCrawler CLI Scripts\n----------------------\n\nThis package contains two console scripts: ``orgquery`` and ``orgcrawler``.\nThese attempt to provide a generic interface for running organization queries\nand custom crawler functions.  They provide concrete examples for how to build\norgcrawler applications.\n\nSee ``orgcrawler/cli/{orgquery|orgcrawler}.py`` for code.\n\nRun with the ``--help`` option for usage.  \n\n\nCLI Examples\n------------\n\norgquery\n********\n\n::\n\n  orgquery -h\n  orgquery -r OrgMasterRole list_accounts_by_name\n  orgquery -r OrgMasterRole -f yaml get_account_id_by_name webapps\n  orgquery -r OrgMasterRole get_targets_for_policy LimitAWSRegions |  jq -re .[].Name\n\n\norgcrawler\n**********\n\n::\n\n  orgcrawler -h\n  orgcrawler -r OrgMasterRole orgcrawler.payloads.list_buckets\n  orgcrawler -r OrgMasterRole --account-role S3Admin orgcrawler.payloads.create_bucket orgcrawler-testbucket\n  orgcrawler -r OrgMasterRole --service codecommit --payload-file ~/my_payloads.py list_cc_repositories\n  orgcrawler -r OrgMasterRole --accounts app-test,app-prod --regions us-east-1,us-west-2 orgcrawler.payloads.config_describe_rules\n\nWhen running a payload function which calls a global AWS service such as IAM or\nRoute53, use the ``--service`` option.  This will set the ``regions`` attibute\nof your crawler object to the default region ``us-east-1``::\n\n  orgcrawler -r OrgMasterRole --service iam orgcrawler.payloads.iam_list_users\n  orgcrawler -r OrgMasterRole --service route53 orgcrawler.payloads.list_hosted_zones\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fucopacme%2Forgcrawler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fucopacme%2Forgcrawler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fucopacme%2Forgcrawler/lists"}